Hi All,

I have established a LAN-to-LAN IPsec VPN between two routers running 12.4(15) T9 IOS. I want to filter telnet traffic through the VPN tunnel. To achieve this, a filtering access list is used inside the crypto map. The configuration of one router is as follows:

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key CISCO address 136.1.123.13
crypto ipsec transform-set test esp-3des esp-md5-hmac
!
crypto map GMD 1 ipsec-isakmp
 set peer 136.1.123.13
 set ip access-group 110 out
 set transform-set test
 match address test2
!
interface Loopback0
 ip address 150.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 description "Connected to R4"
 ip address 136.1.121.13 255.255.255.0
 duplex auto
 speed auto
 crypto map GMD
ip access-list extended test2
 permit ip host 150.1.1.1 host 150.1.2.2
!
access-list 110 permit icmp any any
access-list 110 deny ip any any
!

As per this configuration, only ICMP traffic is allowed through the VPN tunnel. But the IPsec tunnel is created or established even with telnet traffic to the remote peer. After observing the access list hit counts, it is seen that the hit count of filtering access list 110 is not increasing, but the hit count is increasing for crypto access list test2. Is this a bug in 12.4(15) T9 IOS or some configuration problem?

Regards,
D.M.Gore
